Our Ability Jobs

Job Information

CVS Health Automation and Detection Engineer in Albany, New York

At CVS Health, we’re building a world of health around every consumer and surrounding ourselves with dedicated colleagues who are passionate about transforming health care.

As the nation’s leading health solutions company, we reach millions of Americans through our local presence, digital channels and more than 300,000 purpose-driven colleagues – caring for people where, when and how they choose in a way that is uniquely more connected, more convenient and more compassionate. And we do it all with heart, each and every day.

Automation and Detection Engineer

Who You Are:

  • Proven expertise in building and optimizing detection rules and automation scripts across SIEM platforms like Microsoft Sentinel, Splunk, and Google Chronicle. Proficient in using KQL (Kusto Query Language), SPL (Search Processing Language), and scripting languages such as Python, PowerShell, or Bash to automate security tasks and reduce response times.

  • Strong coding skills with a solid understanding of Object-Oriented and Functional programming concepts. Experience in automating security processes using code and integrating security practices into CI/CD pipelines.

  • Demonstrated ability to secure and automate across multi-cloud environments (AWS, Azure, GCP) and on-premises systems. Experience with container and serverless architectures, as well as traditional technology stacks.

  • Hands-on experience in penetration testing and threat hunting to assess security vulnerabilities and create actionable detection rules. Familiar with tools like Kali Linux, Metasploit, and the MITRE ATT&CK framework for adversary emulation.

  • Skilled in analyzing threat intelligence to adapt detection logic based on emerging threats. Experience in developing security strategies and conducting risk assessments to align detection capabilities with business goals.

  • Proven track record of collaborating with security, engineering, and business teams to enhance security practices. Capable of mentoring junior engineers and leading security projects from inception to deployment.

Role Responsibilities:

Detection Engineering and Automation:

  • Develop, deploy, and optimize detection rules and automation scripts across SIEM platforms (Microsoft Sentinel, Splunk, Google Chronicle).

  • Leverage KQL, SPL, Python, PowerShell, or Bash to automate response actions and reduce manual intervention.

  • Continuously refine detection capabilities based on emerging threats and threat intelligence feeds.

Security Automation and Integration:

  • Build and maintain automation workflows for security tools to enhance incident response times.

  • Integrate security processes into CI/CD pipelines using Infrastructure-as-Code and Security-as-Code principles.

  • Develop custom scripts to automate security assessments and vulnerability management.

Threat Hunting and Adversary Emulation:

  • Conduct proactive threat hunting using SOC tools like Microsoft Defender and CrowdStrike.

  • Design adversary emulation scenarios to validate detection and response capabilities based on the MITRE ATT&CK framework.

  • Analyze threat intelligence to adjust detection rules and prioritize threats effectively.

Collaboration and Leadership:

  • Work closely with engineering, cloud, and DevOps teams to integrate security automation across multi-cloud environments.

  • Lead security testing initiatives and provide actionable insights to improve detection and response strategies.

  • Mentor junior engineers, promoting a culture of continuous learning and innovation.

Security Strategy and Compliance:

  • Contribute to the strategic planning of detection and automation capabilities aligned with compliance standards (PCI-DSS, HIPAA, NIST, ISO 27001).

  • Prepare and present reports to leadership on detection effectiveness, security gaps, and automation outcomes.

Qualifications:

Basic Qualifications:

  • 5+ years of experience in threat detection, automation, or security engineering.

  • Proficiency in Microsoft Security tools (Defender for Endpoint, Sentinel), CrowdStrike, Splunk, and Google Chronicle.

  • Strong programming and scripting skills (Python, PowerShell, Bash).

  • Experience with SIEM, SOAR, and CI/CD tools for security automation.

  • Bachelor’s degree in Cybersecurity, Computer Science, or a related field (or equivalent experience).

Preferred Qualifications:

  • Relevant certifications such as OSCP, GCIH, GCIA, CISSP, or Microsoft Azure Security certifications.

  • Experience with container security (Docker, Kubernetes) and Infrastructure-as-Code tools.

  • Familiarity with compliance standards (PCI-DSS, HIPAA, ISO 27001).

  • Strong communication skills to convey complex security concepts to technical and non-technical stakeholders.

Anticipated Weekly Hours

40

Time Type

Full time

Pay Range

The typical pay range for this role is:

$79,310.00 - $158,620.00

This pay range represents the base hourly rate or base annual full-time salary for all positions in the job grade within which this position falls. The actual base salary offer will depend on a variety of factors including experience, education, geography and other relevant factors. This position is eligible for a CVS Health bonus, commission or short-term incentive program in addition to the base pay range listed above.

Our people fuel our future. Our teams reflect the customers, patients, members and communities we serve and we are committed to fostering a workplace where every colleague feels valued and that they belong.

Great benefits for great people

We take pride in our comprehensive and competitive mix of pay and benefits – investing in the physical, emotional and financial wellness of our colleagues and their families to help them be the healthiest they can be. In addition to our competitive wages, our great benefits include:

  • Affordable medical plan options, a 401(k) plan (including matching company contributions), and an employee stock purchase plan.

  • No-cost programs for all colleagues including wellness screenings, tobacco cessation and weight management programs, confidential counseling and financial coaching.

  • Benefit solutions that address the different needs and preferences of our colleagues including paid time off, flexible work schedules, family leave, dependent care resources, colleague assistance programs, tuition assistance, retiree medical access and many other benefits depending on eligibility.

For more information, visit https://jobs.cvshealth.com/us/en/benefits

We anticipate the application window for this opening will close on: 04/02/2025

Qualified applicants with arrest or conviction records will be considered for employment in accordance with all federal, state and local laws.

We are an equal opportunity and affirmative action employer. We do not discriminate in recruiting, hiring, promotion, or any other personnel action based on race, ethnicity, color, national origin, sex/gender, sexual orientation, gender identity or expression, religion, age, disability, protected veteran status, or any other characteristic protected by applicable federal, state, or local law.
